VulnerAlert



28-10-2025 03:20

CVE-2025-11735 Documented vulnerability

No score
Tags
#wordpress
#sql injection
#sql
#plugin
#injection
#data
#woocommerce
#product
#lte
#form
#add
#products
#database
#/sql(.*)injection/iU
#attackers
#authenticated
#vulnerable
#inject
#attack
Description
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
https://plugins.trac.wordpress.org/browser/woocommerce-products-filter/trunk/ext/by_text_2/index.php#L164
https://www.wordfence.com/threat-intel/vulnerabilities/id/ebaec880-0d1c-4725-a746-530f48821279?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-11735
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023